Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP4:FactoryCandidates
certgen
certgen-1.3.0.obscpio
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File certgen-1.3.0.obscpio of Package certgen
07070100000000000041ED000000000000000000000002665F4C7C00000000000000000000000000000000000000000000001600000000certgen-1.3.0/.github07070100000001000041ED000000000000000000000002665F4C7C00000000000000000000000000000000000000000000002000000000certgen-1.3.0/.github/workflows07070100000002000081A4000000000000000000000001665F4C7C00000283000000000000000000000000000000000000002E00000000certgen-1.3.0/.github/workflows/vulncheck.ymlname: VulnCheck on: pull_request: branches: - master - main push: branches: - master - main jobs: vulncheck: name: Analysis runs-on: ubuntu-latest strategy: matrix: go-version: [ 1.22.3 ] steps: - name: Check out code into the Go module directory uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} check-latest: true - name: Get govulncheck run: go install golang.org/x/vuln/cmd/govulncheck@latest shell: bash - name: Run govulncheck run: govulncheck ./... shell: bash 07070100000003000081A4000000000000000000000001665F4C7C0000003E000000000000000000000000000000000000001900000000certgen-1.3.0/.gitignoredist/ certgen *~ public.crt private.key client.crt client.key 07070100000004000081A4000000000000000000000001665F4C7C0000025C000000000000000000000000000000000000001E00000000certgen-1.3.0/.goreleaser.ymlbefore: hooks: - go mod tidy -compat=1.21 builds: - goos: - darwin - linux - freebsd - windows goarch: - amd64 - arm64 - ppc64le - s390x flags: - -trimpath - --tags=kqueue ldflags: - -s -w -X main.version={{.Tag}} env: - CGO_ENABLED=0 archives: - name_template: "{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}" format: binary changelog: sort: asc nfpms: - maintainer: "MinIO Developers <dev@min.io>" homepage: https://github.com/minio/certgen formats: - deb - rpm 07070100000005000081A4000000000000000000000001665F4C7C000005C7000000000000000000000000000000000000001600000000certgen-1.3.0/LICENSECopyright (c) 2009 The Go Authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 07070100000006000081A4000000000000000000000001665F4C7C000008B5000000000000000000000000000000000000001800000000certgen-1.3.0/README.md# certgen `certgen` is a simple tool to generate self-signed certificates, and provides SAN certificates with DNS and IP entries. ## Install <details open="true"><summary><b><a name="binary-releases">Binary Releases</a></b></summary> | OS | ARCH | Binary | |:--------:|:-------:|:----------------------------------------------------------------------------------------------------:| | Linux | amd64 | [linux-amd64](https://github.com/minio/certgen/releases/latest/download/certgen-linux-amd64) | | Linux | arm64 | [linux-arm64](https://github.com/minio/certgen/releases/latest/download/certgen-linux-arm64) | | Linux | ppc64le | [linux-ppc64le](https://github.com/minio/certgen/releases/latest/download/certgen-linux-ppc64le) | | Linux | s390x | [linux-s390x](https://github.com/minio/certgen/releases/latest/download/certgen-linux-s390x) | | Apple M1 | arm64 | [darwin-arm64](https://github.com/minio/certgen/releases/latest/download/certgen-darwin-arm64) | | Apple | amd64 | [darwin-amd64](https://github.com/minio/certgen/releases/latest/download/certgen-darwin-amd64) | | Windows | amd64 | [windows-amd64](https://github.com/minio/certgen/releases/latest/download/certgen-windows-amd64.exe) | | Windows | arm64 | [windows-amd64](https://github.com/minio/certgen/releases/latest/download/certgen-windows-arm64.exe) | | FreeBSD | amd64 | [freebsd-amd64](https://github.com/minio/certgen/releases/latest/download/certgen-freebsd-amd64) | | FreeBSD | arm64 | [freebsd-amd64](https://github.com/minio/certgen/releases/latest/download/certgen-freebsd-arm64) | Download [`certgen`](https://github.com/minio/certgen/releases/latest) for your specific operating system and platform. ## Example (server) ```sh certgen -host "127.0.0.1,localhost" Created a new certificate 'public.crt', 'private.key' valid for the following names đ - "127.0.0.1" - "localhost" ``` ## Example (client) ```sh certgen -client -host "localhost" Created a new certificate 'client.crt', 'client.key' valid for the following names đ - "localhost" ``` 07070100000007000081A4000000000000000000000001665F4C7C00001AE3000000000000000000000000000000000000001900000000certgen-1.3.0/certgen.go// Copyright 2009 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. // Generate a self-signed X.509 certificate for a TLS server. Outputs to // 'public.crt' and 'private.key' and will overwrite existing files. package main import ( "crypto/ecdsa" "crypto/ed25519" "crypto/elliptic" "crypto/rand" "crypto/x509" "crypto/x509/pkix" "encoding/pem" "flag" "fmt" "log" "math/big" "net" "net/mail" "net/url" "os" "os/user" "regexp" "strings" "time" ) var version = "(dev)" var ( host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for") ecdsaCurve = flag.String("ecdsa-curve", "P256", "ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521") ed25519Key = flag.Bool("ed25519", false, "Generate an Ed25519 key") orgName = flag.String("org-name", "Certgen Development", "Organization name used when generating the certs") commonName = flag.String("common-name", "", "Common name for client cert") isNoCA = flag.Bool("no-ca", false, "whether this cert should not be its own Certificate Authority") isClient = flag.Bool("client", false, "whether this cert is a client certificate") validFrom = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011") validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for") ) func publicKey(priv interface{}) interface{} { switch k := priv.(type) { case *ecdsa.PrivateKey: return &k.PublicKey case ed25519.PrivateKey: return k.Public().(ed25519.PublicKey) default: return nil } } var userAndHostname string func init() { u, err := user.Current() if err == nil { userAndHostname = u.Username + "@" } if h, err := os.Hostname(); err == nil { userAndHostname += h } if err == nil && u.Name != "" && u.Name != u.Username { userAndHostname += " (" + u.Name + ")" } } func main() { flag.Parse() if len(*host) == 0 { log.Fatalf("Missing required --host parameter") } var priv interface{} var err error switch *ecdsaCurve { case "": if *ed25519Key { _, priv, err = ed25519.GenerateKey(rand.Reader) } case "P224": priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) case "P256": priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) case "P384": priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) case "P521": priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) default: log.Fatalf("Unrecognized elliptic curve: %q", *ecdsaCurve) } if err != nil { log.Fatalf("Failed to generate private key: %v", err) } // ECDSA, ED25519 subject keys should have the DigitalSignature // KeyUsage bits set in the x509.Certificate template keyUsage := x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature var notBefore time.Time if len(*validFrom) == 0 { notBefore = time.Now() } else { notBefore, err = time.Parse("Jan 2 15:04:05 2006", *validFrom) if err != nil { log.Fatalf("Failed to parse creation date: %v", err) } } notAfter := notBefore.Add(*validFor) serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) if err != nil { log.Fatalf("Failed to generate serial number: %v", err) } template := x509.Certificate{ SerialNumber: serialNumber, Subject: pkix.Name{ Organization: []string{*orgName}, OrganizationalUnit: []string{userAndHostname}, }, NotBefore: notBefore, NotAfter: notAfter, KeyUsage: keyUsage, BasicConstraintsValid: true, } if *isClient { if *commonName != "" { template.Subject.CommonName = *commonName } } hosts := strings.Split(*host, ",") for _, h := range hosts { h = strings.TrimSpace(h) if h == "" { continue } if ip := net.ParseIP(h); ip != nil { template.IPAddresses = append(template.IPAddresses, ip) } else if email, err := mail.ParseAddress(h); err == nil && email.Address == h { template.EmailAddresses = append(template.EmailAddresses, h) } else if uriName, err := url.Parse(h); err == nil && uriName.Scheme != "" && uriName.Host != "" { template.URIs = append(template.URIs, uriName) } else { template.DNSNames = append(template.DNSNames, h) } } if len(template.IPAddresses) > 0 || len(template.DNSNames) > 0 || len(template.URIs) > 0 { template.ExtKeyUsage = append(template.ExtKeyUsage, x509.ExtKeyUsageServerAuth) } if len(template.EmailAddresses) > 0 { template.ExtKeyUsage = append(template.ExtKeyUsage, x509.ExtKeyUsageEmailProtection) } if *isClient { template.ExtKeyUsage = append(template.ExtKeyUsage, x509.ExtKeyUsageClientAuth) } else if !*isNoCA { template.IsCA = true template.KeyUsage |= x509.KeyUsageCertSign } pkey := publicKey(priv) if pkey == nil { log.Fatalln("Failed to create certificate: publicKey is nil") } derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pkey, priv) if err != nil { log.Fatalf("Failed to create certificate: %v", err) } certName := "public.crt" if *isClient { certName = "client.crt" } certOut, err := os.Create(certName) if err != nil { log.Fatalf("Failed to open %s for writing: %v", certName, err) } if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil { log.Fatalf("Failed to write data to %s: %v", certName, err) } if err := certOut.Close(); err != nil { log.Fatalf("Error closing %s: %v", certName, err) } certKey := "private.key" if *isClient { certKey = "client.key" } keyOut, err := os.OpenFile(certKey, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600) if err != nil { log.Fatalf("Failed to open %s for writing: %v", certKey, err) } privBytes, err := x509.MarshalPKCS8PrivateKey(priv) if err != nil { log.Fatalf("Unable to marshal %s: %v", certKey, err) } if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil { log.Fatalf("Failed to write data to %s: %v", certKey, err) } if err := keyOut.Close(); err != nil { log.Fatalf("Error closing %s: %v", certKey, err) } secondLvlWildcardRegexp := regexp.MustCompile(`(?i)^\*\.[0-9a-z_-]+$`) fmt.Printf("Created a new certificate '%v', '%v' valid for the following names đ\n", certName, certKey) for _, h := range hosts { h = strings.TrimSpace(h) if h == "" { continue } fmt.Printf(" - %q\n", h) if secondLvlWildcardRegexp.MatchString(h) { fmt.Printf(" Warning: many browsers don't support second-level wildcards like %q â ī¸\n", h) } } for _, h := range hosts { h = strings.TrimSpace(h) if h == "" { continue } if strings.HasPrefix(h, "*.") { fmt.Printf("\nReminder: X.509 wildcards only go one level deep, so this won't match a.b.%s âšī¸\n", h[2:]) break } } } 07070100000008000081A4000000000000000000000001665F4C7C00000029000000000000000000000000000000000000001500000000certgen-1.3.0/go.modmodule github.com/minio/certgen go 1.21 07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!27 blocks
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor